The present invention relates to systems, methods and computer program products for secure client-server communication, and more specifically to systems, methods and computer program products that use biometric data to identify and/or verify an individual.
Electronic communication over public networks, such as the Internet, presents two interrelated problems: the security of the server and the privacy of the client. The security of the server dictates strict requirements for verifying the identity of a client including the use of the client's biometrical information.
Storing biometrical information in server databases in an unencrypted form is dangerous for both server and client. An unauthorized user can intercept a request of an authorized user and use the obtained information to access this particular server, or take advantage of the stolen private information in other ways.
There is a known solution (Biometric authentication system with encrypted models, Gennaro, et al. U.S. Pat. No. 6,317,834 November, 2001), which consists of acquiring a biometric sample and storing an encrypted biometric record in a database. This solution solves the problem of server security, because encryption mechanism prevents an unauthorized user from decrypting of information and from accessing the server-specific information. The privacy of the client could still be compromised, for example, at the stage of transmitting of biometrical samples from client to server during enrollment.
To solve this problem, another known solution may be deployed. (Protection of biometric data via key-dependent sampling, Matyas, Jr., et al. U.S. Pat. No. 6,507,912 January, 2003) According to this solution, the sampling of biometric characteristic is performed on the client side, using the key transmitted from the server to the client. The key-dependent biometric data samples are then transmitted from the client to the server even without the need for additional encryption. The authentication can be done by comparing of key-dependent samples collected during the enrollment process against key-dependent data submitted during the authentication request.
The theoretical basis for this solution is one-way functions. It is safe for the client to submit key-dependent biometric password if there is no way to invert the employed transformation. However, as mentioned in Fuzzy Extractors and Cryptography, or How to Use Your Fingerprints (Dodis, et al. http://eprint.iacr.orp/2003/235.pdf) the definition of a one-way function assumes that submitted password is truly uniform, and does not guarantee anything otherwise (and in the case of biometric password, it is far from the truly uniform).
Even if this theoretical obstacle were not an issue, there still would be a serious psychological and, probably, legal problem. An average user does not trust an on-line application 100%, if he/she does not have some element of encryption under his/her own control. Applying a server-generated key to biometrical data does not look so safe to the user as applying some secret word, created on the client side so that the client only knows this word. The publication mentioned above shows that the intuitive fear of the client has a mathematical basis.